Did you know the General Data Protection Regulation is already UK law?
Enforcement will apply from 25th May 2018 and will have a wide-ranging impact on all companies processing personally identifiable information (PII) - including fines for breaching the regulations.
Through our portfolio of training and discovery services, we can help you identify the PII in your organisation, and the flow of data.
Our team can assist in defining the processes needed to comply with the new legislation and in identifying the technology that can assist.
Gain a comprehensive understanding of the proposed changes to data protection legislation and what the implications are for your organisation.
Understand where data comes into your organisation, how it is processed, where it resides and who you share it with by conducting a personal data flow analysis.
Assess how closely you comply with the GDPR, along with an indication of areas and activities you will need to focus on in order to achieve compliance from May 2018.
Snapshot your data security to ascertain the levels of risk associated with both structured and unstructured data - as well as 'active versus stale' data in your environment.
The principles of the GDPR are similar to those of the DPA, with several key enhancements and additional obligations which will impact every organisation. Understanding what PII exists, as well as how it is stored, processed and protected, is essential to remaining compliant and to ensuring that the rights of the individual are protected.
Protecting personally identifiable information is essential in order to comply with the GDPR. Organisations will be required to implement both technical and governance measures in order to address the risks posed. This will mean ensuring the ongoing confidentiality, integrity and availability of your data processing systems.
Businesses will be required to make it easy for individuals to exercise the right of access to their information, the right to object to direct marketing and profiling, and to move their data between suppliers. The GDPR recommends that individuals are provided with remote access to a secure self-service system, granting access to their data.
A personal data breach refers to a breakdown in security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. The consequence of a breach is more than just the loss of personal data. Once discovered, it must be reported within 72 hours and, if considered high risk, the individuals must be notified.